Skip to main content

Bsv Ruby Sdk

1 CVEs product

Monthly

CVE-2026-40069 Ruby HIGH PATCH GHSA This Week

Incorrect transaction broadcast failure detection in BSV Ruby SDK 0.1.0 through 0.8.1 allows unauthenticated remote attackers to manipulate application logic by exploiting incomplete ARC response validation. The SDK's BSV::Network::ARC module only recognizes REJECTED and DOUBLE_SPEND_ATTEMPTED status codes as failures, silently treating INVALID, MALFORMED, MINED_IN_STALE_BLOCK, and ORPHAN-containing responses as successful broadcasts. Applications relying on broadcast confirmation for gating critical actions accept failed transactions as valid, enabling integrity compromise in blockchain-dependent workflows. No public exploit identified at time of analysis.

Information Disclosure Bsv Ruby Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Incorrect transaction broadcast failure detection in BSV Ruby SDK 0.1.0 through 0.8.1 allows unauthenticated remote attackers to manipulate application logic by exploiting incomplete ARC response validation. The SDK's BSV::Network::ARC module only recognizes REJECTED and DOUBLE_SPEND_ATTEMPTED status codes as failures, silently treating INVALID, MALFORMED, MINED_IN_STALE_BLOCK, and ORPHAN-containing responses as successful broadcasts. Applications relying on broadcast confirmation for gating critical actions accept failed transactions as valid, enabling integrity compromise in blockchain-dependent workflows. No public exploit identified at time of analysis.

Information Disclosure Bsv Ruby Sdk
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy